Cyber Detection Engineer

CyberOne
Remote

About The Position

CyberOne helps organisations strengthen their cyber resilience through practical, expert-led security services. We work closely with clients to improve their ability to detect, investigate and respond to threats across modern cloud, hybrid and enterprise environments. We are looking for a curious and motivated Detection Engineer with a focus on Microsoft Sentinel SIEM to join our growing security engineering team. This is a hands-on role for someone who enjoys solving problems, working with data, and building high-quality detections that help our solutions & clients identify real threats faster.

Requirements

  • Solid understanding of cyber security fundamentals.
  • Strong interest in, and understanding of, using data to identify suspicious behavioural patterns.
  • Hands-on experience with Microsoft Sentinel or another SIEM platform.
  • Experience writing KQL queries for detection, investigation or reporting.
  • Understanding of Microsoft Defender products, such as Defender for Endpoint, Defender for Office 365, Defender for Cloud or Defender for Identity.
  • Familiarity with Azure, Entra ID, Microsoft 365 and common cloud security log sources.
  • Knowledge of security monitoring concepts, alert logic, false positive tuning and detection lifecycle management.
  • Interest in attacker behaviours, persistence techniques, lateral movement, credential abuse and common cloud attack paths.
  • Awareness of frameworks such as MITRE ATT&CK, Cyber Kill Chain or similar.
  • Ability to document technical work clearly and explain detection logic to both technical and non-technical audiences.
  • Basic scripting or automation skills, for example PowerShell, Python, Logic Apps or similar.
  • A collaborative mindset and willingness to work with analysts, engineers, consultants and clients.

Nice To Haves

  • Microsoft certifications such as SC-200, AZ-500, SC-100 or SC-900.
  • Experience with Sentinel as code, CI/CD pipelines, ARM, Bicep, Terraform or Git-based content management.
  • Experience building Sentinel workbooks, playbooks or automation rules.
  • Exposure to SOAR processes and incident response automation.
  • Experience with threat hunting or purple-team-style detection validation.
  • Familiarity with Sigma, YARA, structured detection content or detection-as-code approaches.
  • Experience working in an MSSP, consultancy or client-facing security environment.
  • Knowledge of statistics, data science, AI or machine learning as applied to cyber security.

Responsibilities

  • Develop, tune and maintain threat-led detections across Microsoft Sentinel, Microsoft Defender XDR and the wider Microsoft Security ecosystem using KQL and Advanced Hunting.
  • Perform threat intelligence-led detection engineering by researching emerging threats, vulnerabilities, attacker techniques and active campaigns, then translating relevant findings into practical detections, hunting queries and response guidance.
  • Build analytics rules, hunting queries, workbooks, automation logic and alert enrichment to improve detection and response outcomes.
  • Work with log sources across Microsoft Defender, Azure, Microsoft 365, Entra ID, identity platforms, firewalls, SaaS tools and other client environments, collaborating with SecOps Engineers to recommend table schema, parsing, normalisation and ingestion optimisation improvements that enhance detection quality and operational efficiency.
  • Validate and optimise data connectors, log sources, telemetry coverage and Microsoft Content Hub detection capability to ensure detections are reliable, actionable and suitable for CyberOne client environments.
  • Map detections to attacker behaviours, TTPs and frameworks such as MITRE ATT&CK.
  • Reduce false positives through structured tuning, baselining, alert performance review and feedback from SOC analysts and incident responders.
  • Help develop reusable detection content, playbooks and best-practice templates for CyberOne clients.
  • Collaborate with SOC analysts and incident responders to improve triage quality and investigation workflows.
  • Produce clear documentation for detections, use cases, data requirements, assumptions and response guidance.
  • Support client workshops and technical discussions around detection coverage, Sentinel maturity, Defender XDR adoption, unified SecOps and monitoring / detection strategy.
  • Keep up to date with emerging threats, Microsoft security capabilities, Defender XDR enhancements and detection engineering techniques.
  • Work with the freedom to suggest improvements, champion developments, and enhance how CyberOne identifies threats for all our clients.

Benefits

  • Competitive compensation
  • Career growth opportunities
  • Access to continuous learning and certifications
  • Flexible working hours
  • Remote-first culture
  • Birthday off
  • Long-service awards
  • Bi-annual performance awards
  • Team off-sites
  • Structured training
  • Technical exposure
  • Career pathing